Yes, but if that script is generated by some other tool, updating the tool should handle that for you.

OP: PaulBredbury is correct. He also brings up an interesting problem. You have been using a completely open (non-filtering) configuration for some time, since your rules-save specified an open configuration. The rules.working file, which was not used and therefore not working, specified a filtering configuration. The change he suggests is correct to maintain your current behavior of accepting all traffic.

Regarding the fact that I have no actual filtering rules - thank you for pointing that out. My iptables knowledge is seriously lacking. Can anyone suggest a good GUI that will help me configure this or a manual that is written for idiots?

Thanks very much for the help.

The Arch Linux wiki has a page that you might find helpful. From what it looks like you're trying to accomplish, you can probably skip everything after section 2.4 ("The INPUT Chain").

Can anyone suggest a good GUI that will help me configure this or a manual that is written for idiots?

Skippy204 ... there is a direct correlation between tools that shield the user from understanding the internals of a given system, and users not understanding the internals of a given system. Skill and familiarity are acquired by "use", and there is no shortcut that doesn't in fact circumvent "use", and so the development of skill.

By far the best tutorial on iptables is Oskar Andreasson's. It doesn't make the assumption of prior knowledge (and so is accessible) but is detailed and broad in scope. That said, the subject is not one that can be grasped in a New York minute, but as the saying goes, it's better to be at the bottom of a ladder you want to climb than halfway up one you don't.

n22 /etc/kmyfirewall # ./kmyfirewall.sh restart
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.

I have never touched any iptables configuration, assuming it comes with reasonable defaults... And iptables has been installed as a dependency.

So this means that you did not write any rules / did not add the program to rc... correct ?
So iptables are neither configured nor running on your system.
For running as a firewall for example I mean.

So the upgrade did not actually break anything in your system.

BTW, just fearing something. I might completely misunderstand what you mean but... do you mean you believed your system protected because supposed to be running some automagic-default-safe firewall ?

So this means that you did not write any rules / did not add the program to rc... correct ?

I did not write any rules. I think that libvirt is shipped with some rules needed for virtual networking. iptables is in runlevel default, but I can't remember adding it (I have been using this system for more than 4 years now).

aCOSwt wrote:

So iptables are neither configured nor running on your system.
Well,
For running as a firewall for example I mean.

I never set it up to be running as a firewall. I think libvirt needs it for bridging.

aCOSwt wrote:

So the upgrade did not actually break anything in your system.

iptables fails to start. Maybe I just remove it from all runlevels and see if this breaks something.

aCOSwt wrote:

BTW, just fearing something. I might completely misunderstand what you mean but... do you mean you believed your system protected because supposed to be running some automagic-default-safe firewall ?

I always thought a Linux system does not need a firewall if there are no services listening for external connections? My apache only accepts connections from localhost (I need it for personal dokuwiki), my sshd is only accepting certain ssh-keys and no passwords, ... Do I need a firewall on a Linux laptop?